



And just so nobody thinks I'm that stupid




If there's a need, then I'll, you know... everything, a scan and all that. And this error keeps popping up out of nowhere every so often!
Logfile of random's system information tool 1.06 (written by random/random)
Run by Właściciel at 2009-06-30 21:04:23
Microsoft Windows XP Home Edition Dodatek Service Pack 3
System drive C: has 17 GB (42%) free of 40 GB
Total RAM: 447 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:29, on 2009-06-30
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\dc.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\SVIQ.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Właściciel\Pulpit\BlueCafe\BlueCafe.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Właściciel\Pulpit\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Właściciel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe
O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238490858828
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7030 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E76B61F8-F171-44EA-9D24-53C588CA9C18}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-11 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocnik rejestracji usługi Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-14 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-05-28 42088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-31 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe --logon []
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 171520]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Fun"=C:\WINDOWS\system\Fun.exe [2009-04-20 192512]
"dc"=C:\WINDOWS\dc.exe [2009-04-20 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-30 581464]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 97136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 204800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
C:\WINDOWS\system32\olhrwef.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 360448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc]
C:\WINDOWS\dc.exe [2009-04-20 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc2k5]
C:\WINDOWS\SVIQ.EXE [2009-04-20 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [2007-04-12 182272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
C:\WINDOWS\EXPLORER.EXE [2008-04-14 1035264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fun]
C:\WINDOWS\system\Fun.exe [2009-04-20 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\inf\Other.exe [2009-04-20 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
C:\Program Files\Odkurzacz\odk_mcd.exe [2008-08-16 326144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\system32\config\Win.exe [2009-04-20 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 206224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-14 100848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^HDDlife.lnk]
C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2
"gupdate1c9bd06f8baf463"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Właściciel\Pulpit\BlueCafe\BlueCafe.exe"="C:\Documents and Settings\Właściciel\Pulpit\BlueCafe\BlueCafe.exe:*:Enabled:ipsec"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\All Users\Dokumenty\Fun.exe"="C:\Documents and Settings\All Users\Dokumenty\Fun.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.exe:*:Enabled:ipsec"
"C:\WINDOWS\dc.exe"="C:\WINDOWS\dc.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"="C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\nwiz.exe"="C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec"
"C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"="C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe:*:Enabled:ipsec"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\RUNDLL32.EXE"="C:\WINDOWS\system32\RUNDLL32.EXE:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe"="C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\WinSit.exe"="C:\WINDOWS\system32\WinSit.exe:*:Enabled:ipsec"
"C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"="C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02a87c84-20ef-11de-a9a8-001a4d7a06de}]
shell\AutoRun\command - F:\cqxj.exe
shell\open\command - F:\cqxj.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02a87c85-20ef-11de-a9a8-001a4d7a06de}]
shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{037085de-51c1-11de-a9fb-001a4d7a06de}]
shell\Auto\command - fun.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09b1a279-28d5-11de-a9b7-001a4d7a06de}]
shell\AutoRun\command - F:\sv8c2bjw.bat
shell\open\command - F:\sv8c2bjw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09b1a280-28d5-11de-a9b7-001a4d7a06de}]
shell\AutoRun\command - F:\qwtb.com
shell\open\command - F:\qwtb.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09b1a285-28d5-11de-a9b7-001a4d7a06de}]
shell\AutoRun\command - F:\qwtb.com
shell\open\command - F:\qwtb.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b17f959-2d82-11de-a9bf-001a4d7a06de}]
shell\AutoRun\command - ej10fkdo.bat
shell\open\command - ej10fkdo.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b17f961-2d82-11de-a9bf-001a4d7a06de}]
shell\AutoRun\command - F:\ej10fkdo.bat
shell\open\command - F:\ej10fkdo.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb991b3-3c84-11de-a9db-001a4d7a06de}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb991b4-3c84-11de-a9db-001a4d7a06de}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c14698-201e-11de-a9a7-001a4d7a06de}]
shell\AutoRun\command - F:\cqxj.exe
shell\open\command - F:\cqxj.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185184de-49cd-11de-a9f0-001a4d7a06de}]
shell\AutoRun\command - F:\qxty9be.cmd
shell\open\command - F:\qxty9be.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1928c560-3300-11de-a9cb-001a4d7a06de}]
shell\AuTopLAy\command - F:\ackxu.exe
shell\AutoRun\command - F:\ackxu.exe
shell\EXplorE\command - F:\ackxu.exe
shell\OpeN\command - F:\ackxu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1928c569-3300-11de-a9cb-001a4d7a06de}]
shell\AutoRun\command - F:\d1vmq.exe
shell\open\command - F:\d1vmq.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e0e1cbe-60a0-11de-aa15-001a4d7a06de}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21329586-6250-11de-aa18-001a4d7a06de}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21b28c65-5be3-11de-aa0e-001a4d7a06de}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21b28c66-5be3-11de-aa0e-001a4d7a06de}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a0ad9a-3e06-11de-a9dc-001a4d7a06de}]
shell\AutoRun\command - F:\ysep1.exe
shell\open\command - F:\ysep1.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a0ada3-3e06-11de-a9dc-001a4d7a06de}]
shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a0ada4-3e06-11de-a9dc-001a4d7a06de}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33fd10fd-5411-11de-aa01-001a4d7a06de}]
shell\AutoRun\command - F:\n68mqcra.exe
shell\open\command - F:\n68mqcra.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33fd1100-5411-11de-aa01-001a4d7a06de}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b7fde7e-4cee-11de-a9f4-001a4d7a06de}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f28cd60-1f5a-11de-a9a5-001a4d7a06de}]
shell\AutoRun\command - F:\oufddh.exe
shell\explore\command - F:\oufddh.exe
shell\open\command - F:\oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f28cd68-1f5a-11de-a9a5-001a4d7a06de}]
shell\AutoRun\command - F:\rbj9jn1n.bat
shell\open\command - F:\rbj9jn1n.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f735228-1edf-11de-a9a4-001a4d7a06de}]
shell\AutoRun\command - F:\luk1ylq.com
shell\open\command - F:\luk1ylq.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84ab7545-4451-11de-a9e5-001a4d7a06de}]
shell\AUtOplAy\command - G:\wqobce.exe
shell\AutoRun\command - G:\wqobce.exe
shell\explOre\command - G:\wqobce.exe
shell\OpEn\command - G:\wqobce.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84ab754e-4451-11de-a9e5-001a4d7a06de}]
shell\AutoRun\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
shell\open\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85f71304-24df-11de-a9af-001a4d7a06de}]
shell\AutoRun\command - F:\1ogf.exe
shell\open\command - F:\1ogf.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87aff958-61ae-11de-aa17-001a4d7a06de}]
shell\AutoRun\command - G:\s.exe
shell\open\command - G:\s.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8974eea2-29df-11de-a9b9-001a4d7a06de}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8974eea3-29df-11de-a9b9-001a4d7a06de}]
shell\AutoRun\command - G:\lc.exe
shell\open\command - G:\lc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2449ee9-4384-11de-a9e4-001a4d7a06de}]
shell\AutoRun\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
shell\open\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac96b0c4-298f-11de-a9b8-001a4d7a06de}]
shell\AutoRun\command - F:\u.com
shell\open\command - F:\u.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1b69589-57ec-11de-aa08-001a4d7a06de}]
shell\AutoRun\command - WScript.exe .\`.vbs
shell\open\command - WScript.exe .\`.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1b6958a-57ec-11de-aa08-001a4d7a06de}]
shell\AutoRun\command - F:\m9ma.exe
shell\explore\command - F:\m9ma.exe
shell\open\command - F:\m9ma.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b42d4a50-2357-11de-a9ac-001a4d7a06de}]
shell\AutoRun\command - H:\gclwpivc.cmd
shell\open\command - H:\gclwpivc.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2020487-1dd6-11de-a9a1-001a4d7a06de}]
shell\autoPlAy\command - fupnew.exe
shell\AutoRun\command - fupnew.exe
shell\expLOre\command - fupnew.exe
shell\open\command - fupnew.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3337ab5-2281-11de-a9aa-001a4d7a06de}]
shell\AutoRun\command - F:\upw.bat
shell\open\command - F:\upw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c417078a-5983-11de-aa09-001a4d7a06de}]
shell\AutoRun\command - F:\6phx.com
shell\open\command - F:\6phx.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c417078c-5983-11de-aa09-001a4d7a06de}]
shell\AutoRun\command - F:\NADFOLDER\autorun.exe
shell\open\command - F:\NADFOLDER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c919e504-4132-11de-a9e2-001a4d7a06de}]
shell\AutoRun\command - ymxf2.exe
shell\open\command - ymxf2.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c969379e-5285-11de-a9fc-001a4d7a06de}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL unlock.exe
shell\open\command - F:\unlock.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce2f8535-4e85-11de-a9f5-001a4d7a06de}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d296e3fc-45e5-11de-a9e8-001a4d7a06de}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9eb2457-2e49-11de-a9c0-001a4d7a06de}]
shell\AutoRun\command - F:\ej10fkdo.bat
shell\open\command - F:\ej10fkdo.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9eb245c-2e49-11de-a9c0-001a4d7a06de}]
shell\AutoRun\command - F:\ej10fkdo.bat
shell\open\command - F:\ej10fkdo.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9eb245f-2e49-11de-a9c0-001a4d7a06de}]
shell\AutoRun\command - F:\ej10fkdo.bat
shell\open\command - F:\ej10fkdo.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dea795ca-2f19-11de-a9c1-001a4d7a06de}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dea795cb-2f19-11de-a9c1-001a4d7a06de}]
shell\AutoRun\command - H:\g1ljsm.com
shell\open\command - H:\g1ljsm.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df7dd12a-4906-11de-a9ee-001a4d7a06de}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f04e8fc7-2fda-11de-a9c2-001a4d7a06de}]
shell\AutoRun\command - F:\g1ljsm.com
shell\open\command - F:\g1ljsm.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14907b5-1d52-11de-a99f-001a4d7a06de}]
shell\AutoRun\command - G:\e.cmd
shell\explore\command - G:\e.cmd
shell\open\command - G:\e.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc65ad7a-4b62-11de-a9f2-001a4d7a06de}]
shell\Auto\command - Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
======List of files/folders created in the last 1 months======
2009-06-30 21:04:23 ----D---- C:\rsit
2009-06-30 18:33:16 ----D---- C:\Program Files\Trend Micro
2009-06-30 18:31:00 ----D---- C:\Program Files\CCleaner
2009-06-29 11:21:25 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Malwarebytes
2009-06-29 11:21:21 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2009-06-29 10:49:44 ----A---- C:\WINDOWS\wininit.ini
2009-06-29 10:24:44 ----A---- C:\WINDOWS\system32\WinSit.exe
2009-06-29 10:24:44 ----A---- C:\WINDOWS\SVIQ.EXE
2009-06-29 10:24:44 ----A---- C:\WINDOWS\dc.exe
2009-06-27 12:33:32 ----A---- C:\WINDOWS\NPGUI.INI
2009-06-27 12:20:06 ----D---- C:\Program Files\NetPeeker
2009-06-18 20:19:44 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\FireShot
2009-06-13 09:22:30 ----D---- C:\WINDOWS\ie8updates
2009-06-13 09:22:11 ----D---- C:\WINDOWS\WBEM
2009-06-13 09:21:55 ----HDC---- C:\WINDOWS\ie8
2009-06-13 09:20:36 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-12 21:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-12 21:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-12 21:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-12 21:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-12 21:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-06 15:53:22 ----D---- C:\Program Files\MSXML 4.0
2009-06-05 13:07:03 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2009-06-05 13:06:23 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\CyberLink
2009-06-05 12:57:46 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Cyberlink
2009-06-05 12:57:27 ----A---- C:\WINDOWS\system32\msxml4r.dll
2009-06-05 12:57:27 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-06-05 12:56:53 ----N---- C:\WINDOWS\system32\MFC71u.dll
2009-06-05 12:56:53 ----N---- C:\WINDOWS\system32\atl71.dll
2009-06-05 12:56:47 ----D---- C:\Program Files\CyberLink
2009-06-05 12:56:23 ----D---- C:\Program Files\Digital Photo Navigator 1.5
2009-06-01 16:39:37 ----D---- C:\Program Files\LSoft Technologies
======List of files/folders modified in the last 1 months======
2009-06-30 21:00:02 ----D---- C:\Program Files\Mozilla Firefox
2009-06-30 20:52:38 ----D---- C:\Downloads
2009-06-30 20:46:58 ----D---- C:\Program Files\BitComet
2009-06-30 18:33:16 ----RD---- C:\Program Files
2009-06-30 18:20:47 ----RASH---- C:\boot.ini
2009-06-30 18:20:47 ----A---- C:\WINDOWS\win.ini
2009-06-30 18:20:47 ----A---- C:\WINDOWS\system.ini
2009-06-30 17:19:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-30 16:53:44 ----D---- C:\WINDOWS\system32
2009-06-30 16:46:00 ----D---- C:\WINDOWS\temp
2009-06-30 16:45:50 ----D---- C:\WINDOWS\system32\drivers
2009-06-30 16:44:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-30 14:45:11 ----SHD---- C:\WINDOWS\Installer
2009-06-30 14:45:11 ----SD---- C:\WINDOWS\Tasks
2009-06-30 09:36:57 ----D---- C:\WINDOWS
2009-06-29 21:02:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-29 21:02:09 ----D---- C:\Program Files\Internet Explorer
2009-06-29 20:55:56 ----D---- C:\Program Files\Windows Media Player
2009-06-29 17:33:33 ----HD---- C:\WINDOWS\inf
2009-06-29 17:33:33 ----D---- C:\WINDOWS\system32\config
2009-06-29 17:33:33 ----D---- C:\WINDOWS\system
2009-06-29 17:33:33 ----D---- C:\WINDOWS\Help
2009-06-29 09:38:10 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater
2009-06-27 12:18:15 ----D---- C:\WINDOWS\Prefetch
2009-06-24 13:11:04 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-19 16:40:40 ----D---- C:\instal
2009-06-16 17:35:05 ----D---- C:\Program Files\Ganymede
2009-06-15 16:00:44 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Skype
2009-06-15 11:03:01 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2009-06-13 11:29:05 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-13 11:29:01 ----RSD---- C:\WINDOWS\assembly
2009-06-13 09:34:45 ----D---- C:\WINDOWS\system32\pl-pl
2009-06-13 09:31:21 ----RSD---- C:\WINDOWS\Fonts
2009-06-13 09:31:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-13 09:30:46 ----D---- C:\Program Files\Microsoft Works
2009-06-13 09:24:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-13 09:24:24 ----D---- C:\WINDOWS\WinSxS
2009-06-13 09:22:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-13 09:22:33 ----A---- C:\WINDOWS\imsins.BAK
2009-06-13 09:22:09 ----D---- C:\WINDOWS\Media
2009-06-08 09:10:52 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-06-06 09:54:58 ----D---- C:\WINDOWS\system32\Macromed
2009-06-05 18:15:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-05 16:04:20 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-03 17:19:16 ----D---- C:\Program Files\SkanerOnline
2009-06-03 17:19:04 ----D---- C:\Program Files\Common Files
2009-06-03 15:41:27 ----D---- C:\Program Files\Nowe Gadu-Gadu
2009-06-02 21:05:57 ----SD---- C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 NetPeeker;NetPeeker; C:\WINDOWS\System32\Drivers\NetPeeker.sys [2009-06-27 246864]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
R3 aic32p;aic32p; \??\C:\WINDOWS\system32\drivers\kipopl.sys []
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 ASFWHide;ASFWHide; \??\C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ASFWHide []
S3 catchme;catchme; \??\C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\catchme.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Sterownik monitora sieci; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Usuga stanu ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-30 1090896]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 835584]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 323584]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 503152]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 206624]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S4 gupdate1c9bd06f8baf463;Usługa Google Update (gupdate1c9bd06f8baf463); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-14 133104]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-14 244720]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe
O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fun]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02a87c84-20ef-11de-a9a8-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{037085de-51c1-11de-a9fb-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09b1a279-28d5-11de-a9b7-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09b1a280-28d5-11de-a9b7-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09b1a285-28d5-11de-a9b7-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b17f959-2d82-11de-a9bf-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b17f961-2d82-11de-a9bf-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb991b4-3c84-11de-a9db-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c14698-201e-11de-a9a7-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185184de-49cd-11de-a9f0-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1928c560-3300-11de-a9cb-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1928c569-3300-11de-a9cb-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e0e1cbe-60a0-11de-aa15-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21b28c66-5be3-11de-aa0e-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a0ad9a-3e06-11de-a9dc-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a0ada3-3e06-11de-a9dc-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a0ada4-3e06-11de-a9dc-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33fd10fd-5411-11de-aa01-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b7fde7e-4cee-11de-a9f4-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f28cd60-1f5a-11de-a9a5-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f28cd68-1f5a-11de-a9a5-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f735228-1edf-11de-a9a4-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84ab7545-4451-11de-a9e5-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84ab754e-4451-11de-a9e5-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87aff958-61ae-11de-aa17-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8974eea3-29df-11de-a9b9-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2449ee9-4384-11de-a9e4-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac96b0c4-298f-11de-a9b8-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1b69589-57ec-11de-aa08-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1b6958a-57ec-11de-aa08-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b42d4a50-2357-11de-a9ac-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2020487-1dd6-11de-a9a1-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3337ab5-2281-11de-a9aa-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c417078a-5983-11de-aa09-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c417078c-5983-11de-aa09-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c919e504-4132-11de-a9e2-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d296e3fc-45e5-11de-a9e8-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9eb245c-2e49-11de-a9c0-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9eb245f-2e49-11de-a9c0-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dea795cb-2f19-11de-a9c1-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df7dd12a-4906-11de-a9ee-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f04e8fc7-2fda-11de-a9c2-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14907b5-1d52-11de-a99f-001a4d7a06de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc65ad7a-4b62-11de-a9f2-001a4d7a06de}]
C:\WINDOWS\SVIQ.EXE
C:\WINDOWS\inf\Other.exe
C:\WINDOWS\system32\config\Win.exe
mirekg1963 wrote: serious trouble or a trifle
ComboFix 09-06-29.07 - Właściciel 2009-07-01 15:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.447.179 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Właściciel\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\dc.exe
c:\windows\help\Other.exe
c:\windows\inf\Other.exe
c:\windows\sviq.exe
c:\windows\system\Fun.exe
c:\windows\system32\config\Win.exe
c:\windows\system32\Penx.dat
c:\windows\system32\WinSit.exe
c:\windows\system32\Xpen.dat
D:\0bcobed.exe
D:\0xuc.com
D:\a2h2.com
D:\cqxj.exe
D:\ft96s.exe
D:\g1ljsm.com
D:\hyetn1i.exe
D:\o3n9k.com
D:\w2.com
D:\w98.com
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_asc3360pr
((((((((((((((((((((((((( Pliki utworzone od 2009-06-01 do 2009-07-01 )))))))))))))))))))))))))))))))
.
2009-06-30 16:33 . 2009-06-30 16:33 -------- d-----w- c:\program files\Trend Micro
2009-06-29 09:21 . 2009-06-29 09:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-06-27 10:20 . 2009-06-27 10:27 -------- d-----w- c:\program files\NetPeeker
2009-06-27 10:20 . 2009-06-27 10:20 246864 ----a-w- c:\windows\system32\drivers\NetPeeker.sys
2009-06-15 09:00 . 2009-06-15 09:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-13 07:22 . 2009-04-30 21:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-13 07:22 . 2009-04-30 21:17 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-13 07:22 . 2009-04-30 21:17 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-13 07:22 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-13 07:22 . 2009-06-13 07:22 -------- d-----w- c:\windows\ie8updates
2009-06-13 07:22 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-13 07:21 . 2009-06-13 07:22 -------- dc-h--w- c:\windows\ie8
2009-06-09 19:56 . 2009-06-09 19:56 -------- d-----w- c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2009-06-08 07:10 . 2009-06-30 09:33 77128 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-08 07:10 . 2009-06-29 09:34 84832 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-08 07:10 . 2009-06-29 09:34 246128 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-08 07:10 . 2009-06-29 09:34 40288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-06 13:53 . 2009-06-06 13:53 -------- d-----w- c:\program files\MSXML 4.0
2009-06-05 11:07 . 2009-06-05 11:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-06-05 10:57 . 2009-06-05 10:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Cyberlink
2009-06-05 10:57 . 2006-06-04 13:48 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-06-05 10:57 . 2006-06-04 13:48 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-06-05 10:56 . 2006-06-04 13:48 89088 ------w- c:\windows\system32\atl71.dll
2009-06-05 10:56 . 2006-06-04 13:48 1047552 ------w- c:\windows\system32\MFC71u.dll
2009-06-05 10:56 . 2009-06-05 14:04 -------- d-----w- c:\program files\CyberLink
2009-06-05 10:56 . 2009-06-05 10:56 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
2009-06-01 14:39 . 2009-06-01 14:39 -------- d-----w- c:\program files\LSoft Technologies
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 18:46 . 2009-03-31 09:44 -------- d-----w- c:\program files\BitComet
2009-06-30 09:33 . 2009-06-22 09:33 376152 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-30 09:33 . 2009-06-22 09:33 146792 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-30 09:33 . 2009-06-22 09:33 624504 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-30 09:33 . 2009-06-22 09:33 628072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 09:33 . 2009-06-22 09:33 2414408 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-30 09:33 . 2009-06-22 09:33 690512 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-30 09:33 . 2009-06-22 09:33 581464 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-30 09:33 . 2009-06-22 09:33 1090896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-29 09:34 . 2009-06-22 09:33 25440 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-29 09:34 . 2009-06-22 09:33 169312 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-29 09:34 . 2009-06-22 09:33 348496 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 09:34 . 2009-06-22 09:33 298336 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 09:34 . 2009-06-22 09:33 1630560 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-29 09:34 . 2009-06-22 09:33 664424 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 07:38 . 2009-04-14 13:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-06-16 15:35 . 2009-03-31 10:43 -------- d-----w- c:\program files\Ganymede
2009-06-15 09:03 . 2009-03-30 17:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-06-13 07:30 . 2009-03-30 17:45 -------- d-----w- c:\program files\Microsoft Works
2009-06-13 07:24 . 2006-03-02 12:00 83660 ----a-w- c:\windows\system32\perfc015.dat
2009-06-13 07:24 . 2006-03-02 12:00 490284 ----a-w- c:\windows\system32\perfh015.dat
2009-06-08 07:10 . 2009-04-11 07:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-05 14:04 . 2009-03-30 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 15:19 . 2009-05-05 16:49 -------- d-----w- c:\program files\SkanerOnline
2009-06-03 13:41 . 2009-03-31 07:57 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-06-01 14:39 . 2009-05-22 17:57 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-29 13:45 . 2009-05-29 13:45 -------- d-----w- c:\program files\Ashampoo
2009-05-21 09:42 . 2009-05-21 09:42 -------- d-----w- c:\program files\QuickTime
2009-05-21 09:42 . 2009-05-21 09:42 -------- d-----w- c:\program files\Xilisoft
2009-05-16 12:18 . 2009-04-03 09:26 -------- d-----w- c:\program files\Google
2009-05-15 09:23 . 2009-05-15 09:15 -------- d-----w- c:\program files\Creative
2009-05-13 19:08 . 2009-05-13 14:14 -------- d-----w- c:\program files\NCH Software
2009-05-13 14:14 . 2009-05-13 14:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NCH Software
2009-05-13 09:43 . 2009-05-13 09:43 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-13 05:06 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:34 . 2006-03-02 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-25 10:16 . 2009-04-25 10:16 64160 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-19 19:51 . 2006-03-02 12:00 1847424 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 19:00 . 2009-03-30 14:33 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-09 08:23 . 2009-04-09 08:23 21 --sh--w- C:\date.bin
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1683456]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^HDDlife.lnk]
path=c:\documents and settings\Właściciel\Menu Start\Programy\Autostart\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"gupdate1c9bd06f8baf463"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Właściciel\\Pulpit\\BlueCafe\\BlueCafe.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Dokumenty\\Fun.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\jucheck.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=
"c:\\Program Files\\Google\\Update\\1.2.183.7\\GoogleCrashHandler.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\ComboFix\\NirCmdC.cfexe"=
"c:\\WINDOWS\\system32\\CF17959.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20932:TCP"= 20932:TCP:BitComet 20932 TCP
"20932:UDP"= 20932:UDP:BitComet 20932 UDP
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-31 64160]
R1 NetPeeker;NetPeeker;c:\windows\system32\drivers\NetPeeker.sys [2009-06-27 246864]
R3 aic32p;aic32p;\??\c:\windows\system32\drivers\kipopl.sys --> c:\windows\system32\drivers\kipopl.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1090896]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2009-05-15 178913]
S4 gupdate1c9bd06f8baf463;Usługa Google Update (gupdate1c9bd06f8baf463);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'
2009-06-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 09:33]
2009-07-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-14 13:39]
2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 13:43]
2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 13:43]
2009-07-01 c:\windows\Tasks\User_Feed_Synchronization-{E76B61F8-F171-44EA-9D24-53C588CA9C18}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-ClamWin - c:\program files\ClamWin\bin\ClamTray.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\n6q2o4wp.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - component: c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\n6q2o4wp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\n6q2o4wp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 15:16
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\WACICI~1\USTAWI~1\Temp\ASFWHide"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-07-01 15:19 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-07-01 13:19
Przed: 16 728 051 712 bajtów wolnych
Po: 17 189 441 536 bajtów wolnych
229 --- E O F --- 2009-06-15 09:03
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
ComboFix 09-07-01.01 - Właściciel 2009-07-02 10:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.447.229 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Właściciel\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-06-02 do 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-02 07:29 . 2009-07-02 07:29 -------- d-----w- c:\windows\LastGood
2009-07-01 18:40 . 2009-07-01 18:40 232 ----a-w- C:\delunins.bat
2009-07-01 14:53 . 2009-07-01 14:53 -------- d-----w- c:\windows\ERUNT
2009-07-01 14:34 . 2009-07-01 14:34 -------- d-----w- c:\program files\DiskTrix
2009-06-30 16:33 . 2009-06-30 16:33 -------- d-----w- c:\program files\Trend Micro
2009-06-29 09:21 . 2009-06-29 09:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-06-27 10:20 . 2009-06-27 10:27 -------- d-----w- c:\program files\NetPeeker
2009-06-27 10:20 . 2009-06-27 10:20 246864 ----a-w- c:\windows\system32\drivers\NetPeeker.sys
2009-06-15 09:00 . 2009-06-15 09:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-13 07:22 . 2009-04-30 21:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-13 07:22 . 2009-04-30 21:17 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-13 07:22 . 2009-04-30 21:17 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-13 07:22 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-13 07:22 . 2009-06-13 07:22 -------- d-----w- c:\windows\ie8updates
2009-06-13 07:22 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-13 07:21 . 2009-06-13 07:22 -------- dc-h--w- c:\windows\ie8
2009-06-09 19:56 . 2009-06-09 19:56 -------- d-----w- c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2009-06-08 07:10 . 2009-06-30 09:33 77128 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-08 07:10 . 2009-06-29 09:34 84832 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-08 07:10 . 2009-06-29 09:34 246128 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-08 07:10 . 2009-06-29 09:34 40288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-06 13:53 . 2009-06-06 13:53 -------- d-----w- c:\program files\MSXML 4.0
2009-06-05 11:07 . 2009-06-05 11:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-06-05 10:57 . 2009-06-05 10:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Cyberlink
2009-06-05 10:57 . 2006-06-04 13:48 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-06-05 10:57 . 2006-06-04 13:48 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-06-05 10:56 . 2006-06-04 13:48 89088 ------w- c:\windows\system32\atl71.dll
2009-06-05 10:56 . 2006-06-04 13:48 1047552 ------w- c:\windows\system32\MFC71u.dll
2009-06-05 10:56 . 2009-06-05 14:04 -------- d-----w- c:\program files\CyberLink
2009-06-05 10:56 . 2009-06-05 10:56 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 07:38 . 2009-05-05 16:49 -------- d-----w- c:\program files\SkanerOnline
2009-06-30 18:46 . 2009-03-31 09:44 -------- d-----w- c:\program files\BitComet
2009-06-30 09:33 . 2009-06-22 09:33 376152 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-30 09:33 . 2009-06-22 09:33 146792 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-30 09:33 . 2009-06-22 09:33 624504 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-30 09:33 . 2009-06-22 09:33 628072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 09:33 . 2009-06-22 09:33 2414408 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-30 09:33 . 2009-06-22 09:33 690512 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-30 09:33 . 2009-06-22 09:33 581464 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-30 09:33 . 2009-06-22 09:33 1090896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-29 09:34 . 2009-06-22 09:33 25440 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-29 09:34 . 2009-06-22 09:33 169312 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-29 09:34 . 2009-06-22 09:33 348496 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 09:34 . 2009-06-22 09:33 298336 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 09:34 . 2009-06-22 09:33 1630560 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-29 09:34 . 2009-06-22 09:33 664424 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 07:38 . 2009-04-14 13:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-06-16 15:35 . 2009-03-31 10:43 -------- d-----w- c:\program files\Ganymede
2009-06-15 09:03 . 2009-03-30 17:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-06-13 07:30 . 2009-03-30 17:45 -------- d-----w- c:\program files\Microsoft Works
2009-06-13 07:24 . 2006-03-02 12:00 83660 ----a-w- c:\windows\system32\perfc015.dat
2009-06-13 07:24 . 2006-03-02 12:00 490284 ----a-w- c:\windows\system32\perfh015.dat
2009-06-08 07:10 . 2009-04-11 07:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-05 14:04 . 2009-03-30 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 13:41 . 2009-03-31 07:57 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-06-01 14:39 . 2009-05-22 17:57 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-01 14:39 . 2009-06-01 14:39 -------- d-----w- c:\program files\LSoft Technologies
2009-05-29 13:45 . 2009-05-29 13:45 -------- d-----w- c:\program files\Ashampoo
2009-05-21 09:42 . 2009-05-21 09:42 -------- d-----w- c:\program files\QuickTime
2009-05-21 09:42 . 2009-05-21 09:42 -------- d-----w- c:\program files\Xilisoft
2009-05-16 12:18 . 2009-04-03 09:26 -------- d-----w- c:\program files\Google
2009-05-15 09:23 . 2009-05-15 09:15 -------- d-----w- c:\program files\Creative
2009-05-13 19:08 . 2009-05-13 14:14 -------- d-----w- c:\program files\NCH Software
2009-05-13 14:14 . 2009-05-13 14:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NCH Software
2009-05-13 09:43 . 2009-05-13 09:43 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-13 05:06 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:34 . 2006-03-02 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-25 10:16 . 2009-04-25 10:16 64160 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-19 19:51 . 2006-03-02 12:00 1847424 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 19:00 . 2009-03-30 14:33 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-09 08:23 . 2009-04-09 08:23 21 --sh--w- C:\date.bin
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1683456]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[COLOR=RED] Klucz Trybu Awaryjnego wymaga naprawy. Komputer nie może wejść w Tryb Awaryjny. [/COLOR]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\startupfolder\C:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^HDDlife.lnk]
path=c:\documents and settings\Właściciel\Menu Start\Programy\Autostart\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"gupdate1c9bd06f8baf463"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Właściciel\\Pulpit\\BlueCafe\\BlueCafe.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\jucheck.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=
"c:\\Program Files\\Google\\Update\\1.2.183.7\\GoogleCrashHandler.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\ComboFix\\NirCmdC.cfexe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20932:TCP"= 20932:TCP:BitComet 20932 TCP
"20932:UDP"= 20932:UDP:BitComet 20932 UDP
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-31 64160]
R1 NetPeeker;NetPeeker;c:\windows\system32\drivers\NetPeeker.sys [2009-06-27 246864]
R3 aic32p;aic32p;\??\c:\windows\system32\drivers\kipopl.sys --> c:\windows\system32\drivers\kipopl.sys [?]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1090896]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2009-05-15 178913]
S4 gupdate1c9bd06f8baf463;Usługa Google Update (gupdate1c9bd06f8baf463);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 133104]
.
Zawartość folderu 'Zaplanowane zadania'
2009-06-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 09:33]
2009-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-14 13:39]
2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 13:43]
2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 13:43]
2009-07-02 c:\windows\Tasks\User_Feed_Synchronization-{E76B61F8-F171-44EA-9D24-53C588CA9C18}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\n6q2o4wp.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - component: c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\n6q2o4wp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\n6q2o4wp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 11:02
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\WACICI~1\USTAWI~1\Temp\ASFWHide"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2308)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2009-07-02 11:03
ComboFix-quarantined-files.txt 2009-07-02 09:03
Przed: 17 666 543 616 bajtów wolnych
Po: 17 653 350 400 bajtów wolnych
207 --- E O F --- 2009-06-15 09:03
IChunkBase at 00B13680
Attempting to load base C:\Program Files\SkanerOnline\mksbase0.dat
ID 16842752
2005
Attempting to load base C:\Program Files\SkanerOnline\mksbase1.dat
ID 50397184
2009
Attempting to load base C:\Program Files\SkanerOnline\mksbase2.dat
ID 83951616
2006
ID 84017152
2006
Attempting to load base C:\Program Files\SkanerOnline\mksbase3.dat
ID 16973824
2005
ID 17039360
2005
Attempting to load base C:\Program Files\SkanerOnline\mksbase4.dat
ID 50462720
2009
Attempting to load base C:\Program Files\SkanerOnline\mksbase5.dat
ID 67174400
2006
Attempting to load base C:\Program Files\SkanerOnline\mksbase6.dat
ID 34668544
2006
ID 34734080
2005
Attempting to load base C:\Program Files\SkanerOnline\mksbase7.dat
ID 34799616
2006
ID 34865152
2004
Attempting to load base C:\Program Files\SkanerOnline\mksbase8.dat
ID 34930688
2006
ID 34996224
2005
Attempting to load base C:\Program Files\SkanerOnline\mksbase9.dat
ID 35061760
2006
ID 35127296
2005
Attempting to load base C:\Program Files\SkanerOnline\mksbasea.dat
ID 35192832
2006
ID 35258368
2005
Attempting to load base C:\Program Files\SkanerOnline\mksbaseb.dat
ID 100728832
2006
Attempting to load base C:\Program Files\SkanerOnline\mksbasec.dat
ID 16908288
2006
Attempting to load base C:\Program Files\SkanerOnline\mksbased.dat
ID 50528256
2006
Attempting to load base C:\Program Files\SkanerOnline\mksbasee.dat
ID 50593792
2009
Attempting to load base C:\Program Files\SkanerOnline\mksbasef.dat
ID 50659328
2009
Attempting to load base C:\Program Files\SkanerOnline\mksbaseg.dat
ID 50724864
2008
Attempting to load base C:\Program Files\SkanerOnline\mksbaseh.dat
ID 50790400
2009
Attempting to load base C:\Program Files\SkanerOnline\mksbasei.dat
ID 117506048
2006
Attempting to load base C:\Program Files\SkanerOnline\mksbasej.dat
ID 117571584
2006
Attempting to load base C:\Program Files\SkanerOnline\mksbasek.dat
ID 134283264
2006
ID 151060480
2006
Attempting to load base C:\Program Files\SkanerOnline\mksbasel.dat
ID 67239936
2007
Attempting to load base C:\Program Files\SkanerOnline\mksbasem.dat
ID 50855936
2009
Attempting to load base C:\Program Files\SkanerOnline\mksbasen.dat
ID 50921472
2009
Attempting to load base C:\Program Files\SkanerOnline\mksbaseo.dat
ID 50987008
2009
Attempting to load base C:\Program Files\SkanerOnline\mksbasep.dat
No chunks loaded!
Attempting to load base C:\Program Files\SkanerOnline\mksbaseq.dat
No chunks loaded!
Attempting to load base C:\Program Files\SkanerOnline\mksbaser.dat
No chunks loaded!
Attempting to load base C:\Program Files\SkanerOnline\mksbases.dat
No chunks loaded!
Attempting to load base C:\Program Files\SkanerOnline\mksbaset.dat
No chunks loaded!
Attempting to load base C:\Program Files\SkanerOnline\mksbaseu.dat
No chunks loaded!
Attempting to load base C:\Program Files\SkanerOnline\mksbasev.dat
No chunks loaded!
Attempting to load base C:\Program Files\SkanerOnline\mksbasew.dat
No chunks loaded!
Attempting to load base C:\Program Files\SkanerOnline\mksbasex.dat
No chunks loaded!
Attempting to load base C:\Program Files\SkanerOnline\mksbasey.dat
No chunks loaded!
Attempting to load base C:\Program Files\SkanerOnline\mksbasez.dat
No chunks loaded!
LoadBaseFiles OK
2005 11 16
2009 6 30
2006 2 2
2006 2 2
2005 11 15
2005 11 15
2009 6 30
2006 1 23
2006 1 23
2005 4 26
2006 1 23
2004 10 26
2006 1 23
2005 11 15
2006 1 23
2005 7 14
2006 1 23
2005 10 31
2006 1 23
2006 1 23
2006 1 23
2009 6 30
2009 6 30
2008 7 30
2009 6 30
2006 1 23
2006 1 23
2006 3 1
2006 3 1
2007 2 1
2009 6 30
2009 6 30
2009 6 30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:51, on 2009-07-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Właściciel\Pulpit\BlueCafe\BlueCafe.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238490858828
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6821 bytes
********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.22.7514 *
* *
********************************************************************************
Created at 09:32:53 on Friday, July 03, 2009
Time Zone :
Logged On User : Właściciel
Operating System : Microsoft Windows XP Home Edition Dodatek Service Pack 3
OS Architecture : X86
System Langauge : Polish
Keyboard Layout : Polish
Processor : X64 AMD Sempron(tm) Processor 3000+
System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32
System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 40 GB
System Drive Free : 20.41 GB
Total Physical Memory: 447 MB
Free Physical Memory : 184 MB
Total Page File : 447 MB
Free Page File : 828 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1957 MB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! userinit.exe is Clean !!!
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
No malicious files found
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!